lists.arthurdejong.org

Re: LDAP referral, binding -> invalid credentials




On Mon, 2010-07-26 at 11:24 +0200, Valentin Mann wrote:
> I tested again with PADL's pam_ldap, but it didn't work either.
> Most important lines in /etc/ldap.conf were the following:
> base dc=subdomain,dc=example,dc=com
> uri ldap://ldapserver1
> #debug 10
> referrals yes # did not change anything

I've asked on the openldap-technical mailing list [1] and the solution
is not very simple to implement. For this to work nslcd would have to do
referral chasing itself (instead of delegating it to the OpenLDAP
library) and work out which LDAP server the entry came from.

This probably requires maintaining more state and probably results in
quite a lot of code changes. Unless someone can provide a patch I don't
think this will be fixed in the short term I'm afraid.

[1] http://www.openldap.org/lists/openldap-technical/201007/msg00358.html

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
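
The approach described in the message, as an added Python illustration (not code from nslcd, PADL's pam_ldap or this thread): the client chases referrals itself, records which server returned the entry, and sends the password bind to that server. The in-memory servers, the host `ldapserver2`, the user `alice`, the password and all function names are constructed for the example; that the failing bind goes to the configured `uri` host is an assumption drawn from the thread subject.

```python
from urllib.parse import urlsplit, unquote

BASE = "dc=subdomain,dc=example,dc=com"
# Constructed directory: host -> entries (dn -> password) and referral URLs.
# Hosts outside this table are never contacted, so a referral cannot steer the bind elsewhere.
SERVERS = {
    "ldapserver1": {"entries": {}, "refs": ["ldap://ldapserver2/" + BASE]},
    "ldapserver2": {"entries": {"uid=alice," + BASE: "constructed-password"},
                    "refs": ["ldap://ldapserver1/" + BASE]},  # loops back on purpose
}

def parse_ref(url):
    """Split an LDAP URL (RFC 4516) into (host, base DN)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not a usable LDAP referral: %r" % url)
    return parts.hostname, unquote(parts.path.lstrip("/"))

def search(host, base, uid, max_hops=5):
    """Chase referrals by hand; return (dn, origin_host) or None."""
    queue, seen = [(host, base, 0)], set()
    while queue:
        host, base, hops = queue.pop(0)
        if (host, base) in seen or hops > max_hops or host not in SERVERS:
            continue  # referral loop, hop limit reached, or unknown server
        seen.add((host, base))
        for dn in SERVERS[host]["entries"]:
            if dn.startswith("uid=%s," % uid) and dn.endswith(base):
                return dn, host  # keep the server that actually holds the entry
        for ref in SERVERS[host]["refs"]:
            queue.append(parse_ref(ref) + (hops + 1,))
    return None

def bind(host, dn, password):
    """Simple bind on one server; False stands for 'invalid credentials'."""
    return SERVERS[host]["entries"].get(dn) == password

def authenticate(uri_host, base, uid, password, track_origin):
    """Look the user up via uri_host, then bind on the origin or on uri_host."""
    found = search(uri_host, base, uid)
    if found is None:
        return False
    dn, origin = found
    return bind(origin if track_origin else uri_host, dn, password)
```

With `track_origin=False` the lookup succeeds through the referral but the bind is rejected, because `ldapserver1` does not hold the entry; with `track_origin=True` the same credentials are accepted.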